val within which access to the stored information is
authorized. The actual geographic position where the stored
information is located, and the actual date/time can be 
determined, for example, based on signals received at a 
receiver supplying reliable position and time information, 
such as a GPS receiver. Access to the stored information is 
authorized if the actual geographic position and/or date/time 
falls within the authorized geographic region and/or date/ 
time interval. The position and date/time information sup- 
plied by the receiver may be cryptographically signed and 
encrypted. 
CONTROLLING ACCESS TO STORED
INFORMATION BASED ON 
GEOGRAPHICAL LOCATION AND DATE 
AND TIME 

BACKGROUND 

This invention relates to controlling access to stored 
information. 

Data distribution media, such as a CD-ROM, can store a 
large number of files. The producer of the CD-ROM may 
wish to control access by users to particular files, either 
because they are confidential or because access is subject to 
payment by the user. 

Access may be controlled by requiring a user to enter a 
password obtained from the CD-ROM producer. Different 
passwords may unlock different files or different subsets of 
files. The files may be cryptographically signed and for 
added protection, may be encrypted. In the scheme dis- 
cussed in U.S. Pat. No. 5,646,992, incorporated herein by 
reference, each file is encrypted by the producer with a 
unique key known only to the producer. The user receives 
the encrypted items and, after his request for access is 
processed by the producer, also receives decryption keys, 
i.e., passwords, which are used to decrypt the respective 
encrypted files. The passwords unlock only those files for 
which access has been requested. 

SUMMARY 

In general, in one aspect of the invention, the invention 
features controlling access to stored information by deter- 
mining an actual geographic position where the stored 
information is located based on signals received at a receiver 
supplying reliable position information. The actual geo- 
graphic position is then compared with a geographic region 
within which access to the stored information is authorized. 
The user is permitted access to the stored information if the 
actual geographic position is located within the authorized 
geographic region. 

Embodiments of the invention include the following 
features. The receiver that supplies the position information 
can receive the position information from a satellite-based 
location determination system or an inertial navigation sys- 
tem. The information can be stored on a computer-readable 
medium, such as a high-capacity disk. The stored informa- 
tion includes files and each of these files has an associated 
geographic region within which access is permitted. The 
user has access to a specific file or files if the actual 
geographic position is located within the authorized geo- 
graphic region for this file. The stored information can be 
encrypted, and the user has access to the decryption key only 
if the actual geographic position is located within the 
authorized geographic region. The stored information can 
also be divided into subsets of information, wherein at
least one of the subsets has a different authorized region from
the other subsets. The association of the files with the 
authorized geographic regions can be stored as a policy file 
together with the stored information. 

In general, in another aspect, the invention features deter- 
mining an actual date or time at the location of the stored 
information based on signals received at a receiver supply- 
ing reliable time information. The actual date or time is 
compared with a predetermined date or time interval at 
which access to the stored information is authorized. The 
user can access the stored information if the actual date or 
time occurs within the authorized date or time interval. 

In general, in another aspect, the invention includes a 
receiver supplying reliable position information for
determining an actual geographic position where the stored
information is located. A computer receives the position
information with a geographic region within which access to
the stored information is authorized and permits access to
the stored information if the actual geographic position is
located within the authorized geographic region. 

Embodiments of the invention include the following 
features. The receiver includes a receiver encryption
mechanism for cryptographically signing the actual geographic
position with a receiver encryption key and verifying the
receiver signature with a receiver decryption key before the 
actual geographic position is compared with the authorized 
geographic region. 

In general, in yet another aspect, the invention includes a
reader with a corresponding receiver decryption key for
verifying the cryptographically signed actual position. 

Embodiments of the invention include the following 
features. The reader generates an initialization vector
providing a position offset which is transmitted to the receiver
and added to the actual geographic position. The reader
cryptographically signs the position offset with a reader
encryption key. The receiver verifies the position offset
signature with a corresponding reader decryption key before
the position offset is added to the actual geographic position.

In general, in another aspect, the invention features
forming a policy associating the information with authorized
geographic regions and authorized time intervals and
cryptographically signing the policy and the information. The
signed policy is stored together with the signed information.
The user obtains from the producer a password for
unlocking the policy and obtains access to the stored information
if the actual geographic position and actual time falls within
the authorized geographic regions and authorized time
interval of the policy.

Among the advantages of the invention are one or more 
of the following. 

A producer of stored information can restrict use of that
information to designated geographic regions or can exclude
designated regions where use is not permitted. For example,
a service manual for an automobile stored on a CD-ROM
may contain different sections of information which are
applicable to corresponding specific countries and/or
regions. A user may be permitted to see only the portion of
the information which is applicable to his current geographic
location. Likewise, access to a sensitive corporate report
may be limited to a specific plant location. Access to
time-sensitive information may be denied before or after a certain
date or limited to a permitted period. By associating
information about authorized geographic regions and time
intervals with policy files stored on the CD-ROM and accessed
with a user password, the CD-ROM producer can issue a
new password to permit the user to access a particular set of
policy files, and therefore the information authorized, for a
corresponding region and date/time.

Other advantages and features will become apparent from 
the following description and from the claims. 

DESCRIPTION 

FIG. 1 is a perspective view of a computer system;

FIG. 2 is a block diagram of a computer-based system for
controlling access to stored information;

FIGS. 3 through 5 are flow diagrams;

FIG. 6 is a block diagram of cryptographic elements.

As seen in FIGS. 1 to 3, access to information which is
stored on a portable computer-readable CD-ROM which
serves as a data distribution media 35, may be controlled
based on an actual geographic position of a computer system
10 on which the information is to be accessed and the time
when it is to be accessed.

In computer system 10, a computer 20 is connected to a 
keyboard 50, a mouse 60, a monitor 40, and a CD-ROM 
drive 30. A GPS receiver 70 serves as a source of reliable 
position and time information. The receiver 70 is located at 
the actual geographic position of the computer system 10 
and receives signals 75 from orbiting GPS satellites 90 (only 
one shown). The receiver 70 converts the received signals 75 
to geographic position data 71 to an accuracy of several 
meters in longitude, latitude and height and to date/time data 
71 to an accuracy of microseconds. The data 71 are trans- 
mitted to the computer 20 via a device driver 72. 

A receiver crypto-board 80 may contain a public-key 
certificate 81 signed by the producer and a corresponding 
private key 82, as shown in FIG. 6. The geographic position 
and date/time data 71 may then be signed with the private 
key 82 to authenticate the data. 

The CD-ROM drive 30 may also include encryption and 
signature capabilities (decoder 32) which may be imple- 
mented either in hardware or in software. The decoder 32 
includes a crypto-board public-key certificate 83 which is 
identical to certificate 81, a producer certificate 84 for 
verification of the producer's identity, and a distribution 
media policy decryption key 86 signed by the producer, as 
shown in FIG. 6. The crypto-board certificate 83 verifies the 
signature of the crypto-board 80 signed with the private key 
82. The policy decryption key 86 decrypts the access policy 
155 stored on the CD-ROM 35. 

The computer system 10 can have several levels of 
security, such as Level 1 and Level 2, described in the 
following examples. 

In a system with Level 1 security, the receiver 70 com- 
municates with the computer 20 via a conventional device 
driver 72 and the CD-ROM drive 30 is a conventional 
CD-ROM. Neither the receiver 70 nor the CD-ROM drive 
30 have additional encryption/decryption capabilities. For 
increased security, the computer 20 in a Level 1 system can 
be a "trusted" computer which can authenticate and/or 
encrypt data. In a more secure, Level 2 system, the receiver 
70 may include a crypto-board 80 and the CD-ROM drive 30 
may include a decoder 32. The Level 2 system is designed 
to provide data authentication and encrypted data
transmission between the receiver 70 and the decoder 32. The
computer 20 can then be any commercial computer without
data authentication and encryption. 

Data entered via the keyboard 50 and mouse 60 may 
include typical command and data input 130 entered via a 
user interface 95 (provided by an application program 34) 
and one or more passwords 130 that permit a user to gain 
access to information stored on the data distribution media 
35. 

The CD-ROM 35 stores different types of information, 
such as files with information 144, a list 150 of authorized 
geographic regions, a list 154 of authorized date/time 
intervals, one or more file decryption key files 146, one or 
more policy files 152 and a signature 147 for the entire 
CD-ROM 35. As seen in FIG. 3, the files 144, 146, 150, 152, 
154 and 155 may be signed and encrypted. 

The files 144 may be grouped in subsets 141, 142 and 143. 
Files may belong to more than one subset. (In the following 
discussion, the term file refers to both files and subsets of 
files.) Each file 141, 142 and 143 may be encrypted with a 
unique file encryption key 51 (E1, E2, E3). The
corresponding file decryption keys 52 (K1, K3) are stored on the
CD-ROM 35 in the file decryption key file 146. Additional
information about the decryption keys and the decryption
key file is found in U.S. Pat. No. 5,646,992.

Each file 141, 142 and 143 on the CD-ROM 35 is 
associated with zero, one or more of the authorized geo- 
graphic regions stored in the list 150 of authorized geo- 
graphic regions. For example, a region may be bordered by 
latitudes and longitudes corresponding to the extent of the 
Empire State Building in New York City and an altitude of 
between 50 and 60 meters, so that the file associated with 
that region can only be opened if the receiver 70 is located 
in a certain office area inside the Empire State Building. 

Likewise, each file 141, 142 and 143 is associated with 
zero, one or more of the authorized date/time intervals stored
in the list 154 of authorized date/time intervals. 

Each GPS satellite 90 maintains an extremely accurate 
clock. The receiver 70 receives the GPS clock signals as part 
of signals 75, or a local atomic clock can provide similar 
clock signals. The clock signals enable control of access to
the information based on the actual time when access to the 
information is attempted. For example, the producer can 
specify that access is to be granted only (1) before a 
predetermined date/time; (2) after a predetermined date/
time; or (3) only during a predetermined date/time period. 

The producer can associate the files 141, 142 and 143 with 
specific items in the lists 150 and 154 via a password 130 
which the user enters via keyboard 50. The password 130 
can be a user password valid for more than one access, or 
can be a one-time password. Alternately, the producer can 
associate specific geographic region/date/time information 
of lists 150 and 154 with the files 141, 142 and 143 via the 
policy files 152. A valid user password 130 may unlock one 
or more policy files 152. If the user's actual geographic 
position and the current date and time are within the autho- 
rized geographic region and the authorized date/time corre- 
sponding to the user password 150, then the user can access 
the selected files via the user interface 95. The selected 
information is then displayed on output device 40.

Table 1 shows, as an example, how five encrypted files, A
to F, stored on the CD-ROM 35 and associated with
corresponding authorized geographic regions and dates/times,
can be accessed. Each file is associated with one of four
different file decryption keys K1 to K4. L1 and L2 are two
different authorized geographic regions and T1, T2 and T3
are three different authorized date/time intervals. The user
who is in possession of the file decryption key K1, e.g., a
password, can decrypt Manual A within the geographic
regions L1 and L3 at time T1. The same user can also
decrypt Manual D at the same time T1 in regions L2 and L3,
but not within region L1. Likewise, the user who has key K2
can decrypt Image B and Image E within the region L2, but
not at the same time. Drawing C can be decrypted with key
K3 at any location, but only at time T3, while the Business
Report F requires key K4 and can be decrypted at any time,
but only within the region L1.
TABLE 1-continued

As shown in FIG. 3, for purposes of cryptographic
signature with optional encryption, the producer selects
source files 144' to be written on the CD-ROM 35 and
specifies a list of authorized geographic regions 150' and a
list of authorized date and time intervals 154'. The producer
associates (as shown in Table 1) each file or subset of files
with zero, one or more geographic regions 150' and zero, one
or more date/time intervals 154' and stores this association
in a policy file 152'. Each of the files 144', 150', 152', 154'
can be signed and encrypted in steps 53, 340, 350 and 360
with corresponding encryption keys 51, 345, 355 and 365,
respectively. The corresponding encrypted files 150, 152 and
154 are then stored together on the CD-ROM 35 as a signed,
encrypted region/time/file access policy 155. Also stored on
the CD-ROM 35 are, as mentioned above, the signed/
encrypted files 144, the signed/encrypted symmetric file
decryption key file 146 and the signature 147 used by the
producer to sign the entire CD-ROM 35.

As seen in FIGS. 4 and 5, to gain access to the signed/
encrypted files 144, the user obtains a password 130 (FIG.
2) from the producer (step 400), and enters the password 130
via the keyboard 50 (step 410). The password 130 is
assumed to be a one-time password, although user
passwords valid for more than one session can also be used.

As seen in FIG. 4, the early portions of the process flow
for Level 1 and Level 2 are almost identical.

Step 420 checks the password 130 and the process then
executes either 440 (for Level 1, with no additional security)
or to 450 (for Level 2, with receiver/CD-ROM drive
security), depending on the system configuration. Details of
steps 440 and 450 are shown in FIG. 5 and will now be
discussed.

As seen in FIG. 5, in process 440 the user password 130
is sent to the device driver 72 (step 510). In response to the
one-time password 130, the device driver 72 generates from
the user's password 130 its own one-time password (step
520) and verifies (step 530) that the user did indeed enter a
correct one-time password 130, thus authenticating the user
for the interactive session (step 532). Otherwise, access is
denied (step 535).

Once the password 130 has authenticated the user, the
device driver 72 interrogates the receiver 70 for the current
position and date/time (step 540). The device driver 72 then
compares the time and position data returned by the receiver
70 with the policy 155 which applies to the files 144 or a
subset 141, 142 and 143 of files (step 460). If the user is
authorized to access the files 144, then the data is unlocked,
decrypted (step 470, FIG. 3) with decryption keys 52 (step
480) and supplied to the user's application program 34 (step
490) and displayed.

In a Level 2 system, the receiver 70 includes the
cryptographic receiver board 80, hereafter referred to as
"crypto-board". As mentioned before, crypto-board 80 can sign and
encrypt/decrypt messages. The CD-ROM drive 30 includes
decoder 32 to decode the position data signed by and
received from the crypto-board 80.

As seen in FIG. 5, in process 450, the user's password 130
is sent to the device driver 72, which accepts the password
130 and passes it through unaltered to the decoder 32 (step
550). The driver 32 then internally generates with the private
key 86 its own one-time password corresponding to the
user's password (step 560) and verifies (step 570) that the
correct password 130 was communicated by the device
driver 72, thus authenticating the user for the interactive
session (step 572). Otherwise, access is denied (step 575).

Once the encryption circuit 32 has authenticated the user,
the driver 32 interrogates the crypto-board 80 via the device
driver 72 for the current time and position information from
receiver 70 (step 580). The decoder unit 30 provides the
crypto-board 80 with a signed random or other bit pattern to
form an "initialization vector" (step 590), i.e., a position
offset, which the device driver 72 passes through the
crypto-board 80 along with the request for the time and position
(step 590).

The crypto-board 80 responds by preparing a packet
according to a pre-established data format which includes
the time and the actual geographic position in
latitude and longitude and altitude (step 600). Also included
may be information identifying the satellites transmitting the
position data as well as other data necessary for the com-
prions. The crypto-board 80 also stores the provided
initialization vector at a known offset within the packet and
applies a cryptographic signature to the contents of the
packet. The cryptographic signature can be, for example, a
message digest/hash of the packet data, plus an encryption
of the message digest according to some predetermined key,
and may be symmetrical or asymmetrical, depending on the
key or certificate stored on the crypto-board 80.

The crypto-board 80 then transmits (step 605) the signed
time/location packet to the device driver 72 which relays the
packet to the decoder 32/CD-ROM drive 30. The decoder 32
compares the signature of the packet received from the
crypto-board 80 with a signature stored in the decoder 32
(step 610). If the signature verifies properly (step 620), the
initialization vector within the packet is examined to
determine if the initialization vector is indeed the same
initialization vector which the decoder 32 provided to the
crypto-board 80 in step 590. If this is the case, then the packet
received by the decoder 32 is recent and genuine, and the
time and position data are accepted as valid.

Once the packet from the crypto-board 80 is authorized
based on the signature and the initialization vector, the
decoder 32 compares the time and position data received
from the crypto-board 80 with the policy 155 which applies
to the files 144 or to a subset of files 144 (step 460). If the
user is authorized to access the files 144, then the data is
unlocked (step 470), decrypted with decryption keys 52
(step 480) and supplied to the user's application program 34
and displayed (step 490).

Other embodiments are within the scope of the following
claims. For example, the GPS receiver need not be located
at the exact position of the data distribution media reader but
could be in a known location (such as a room containing a
control server providing computer service to a local area
network in a building) relative to the reader.

The policy files 152' may also designate geographic
regions where access to certain files 144 is denied.

Control over access to files need not be limited to the use
of passwords provided by the producer and entered via a
keyboard. For example, certain biometric attributes, such as
facial features, finger prints and/or voice prints may be
substituted for or used in addition to passwords.
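
The Level 2 exchange described above (reader-issued initialization vector, signed time/position packet, signature and freshness check, then the region/time policy comparison of Table 1), as an added example that is not part of the patent text. It uses HMAC-SHA-256 as the symmetric signature option; the packet layout, class names, region bounds and timestamps are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass

# Assumed packet layout (the page only says "pre-established data format"):
# 16-byte initialization vector, then time, latitude, longitude, altitude.
PACKET = struct.Struct(">16sdddd")
TAG_LEN = hashlib.sha256().digest_size


@dataclass(frozen=True)
class Region:
    lat: tuple  # (min, max) in degrees
    lon: tuple  # (min, max) in degrees
    alt: tuple  # (min, max) in metres

    def contains(self, lat, lon, alt):
        pairs = zip((self.lat, self.lon, self.alt), (lat, lon, alt))
        return all(lo <= v <= hi for (lo, hi), v in pairs)


@dataclass(frozen=True)
class Rule:
    regions: tuple    # assumption: empty means "any location"
    intervals: tuple  # (start, end) pairs; assumption: empty means "any time"


class CryptoBoard:
    """Receiver side: signs (IV, time, position) with a key shared with the decoder."""
    def __init__(self, key, fix):
        self._key, self._fix = key, fix  # fix = (time, lat, lon, alt)

    def respond(self, iv):
        body = PACKET.pack(iv, *self._fix)
        return body + hmac.new(self._key, body, hashlib.sha256).digest()


class Decoder:
    """Reader side: issues the IV, verifies the packet, then applies the policy."""
    def __init__(self, key, policy):
        self._key, self._policy, self._pending = key, policy, None

    def challenge(self):
        self._pending = secrets.token_bytes(16)
        return self._pending

    def authorize(self, packet, name):
        iv, self._pending = self._pending, None  # each IV is accepted once
        if iv is None or len(packet) != PACKET.size + TAG_LEN:
            return "deny: no challenge or malformed packet"
        body, tag = packet[:PACKET.size], packet[PACKET.size:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "deny: bad signature"
        got_iv, t, lat, lon, alt = PACKET.unpack(body)
        if not hmac.compare_digest(got_iv, iv):
            return "deny: stale packet"
        rule = self._policy.get(name)
        if rule is None:
            return "deny: no policy"
        if rule.regions and not any(r.contains(lat, lon, alt) for r in rule.regions):
            return "deny: outside region"
        if rule.intervals and not any(a <= t <= b for a, b in rule.intervals):
            return "deny: outside interval"
        return "allow"


def demo():  # constructed regions, times and position fixes
    key = secrets.token_bytes(32)
    l1 = Region((40.0, 41.0), (-74.5, -73.5), (50.0, 60.0))
    t1 = (1_000_000.0, 2_000_000.0)
    policy = {"Manual A": Rule((l1,), (t1,)), "Drawing C": Rule((), (t1,))}
    decoder = Decoder(key, policy)
    inside = CryptoBoard(key, (1_500_000.0, 40.75, -73.99, 55.0))
    outside = CryptoBoard(key, (1_500_000.0, 48.85, 2.35, 55.0))
    late = CryptoBoard(key, (2_500_000.0, 40.75, -73.99, 55.0))
    out = {}
    packet = inside.respond(decoder.challenge())
    out["fresh"] = decoder.authorize(packet, "Manual A")
    decoder.challenge()  # a new session issues a new IV
    out["replay"] = decoder.authorize(packet, "Manual A")
    forged = bytearray(outside.respond(decoder.challenge()))
    forged[PACKET.size - 1] ^= 1  # altitude changed after signing
    out["tampered"] = decoder.authorize(bytes(forged), "Manual A")
    out["outside"] = decoder.authorize(outside.respond(decoder.challenge()), "Manual A")
    out["any_place"] = decoder.authorize(outside.respond(decoder.challenge()), "Drawing C")
    out["late"] = decoder.authorize(late.respond(decoder.challenge()), "Manual A")
    return out


if __name__ == "__main__":
    print(demo())
```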
What is claimed is:

1. A method for controlling access to stored information 
comprising: 

determining an actual geographic position where said 
stored information is located based on signals received 
at a receiver supplying reliable position information; 

cryptographically signing said actual geographic position 
with a receiver encryption key; 

verifying the signature of said actual geographic position; 

determining that said actual geographic position is within 
a geographic region within which access to said stored 
information is authorized; and 

permitting access to said stored information. 

2. The method of claim 1, wherein said receiver comprises 
a GPS receiver. 

3. The method of claim 1, wherein said information is 
stored on a computer-readable medium. 

4. The method of claim 3, wherein said computer-readable 
medium is portable. 

5. The method of claim 3, wherein said computer-readable 
medium comprises a high-capacity disk. 

6. The method of claim 1, wherein said stored information 
comprises files and each of said files has an associated
geographic region within which access is permitted, and 
further permitting access to said file if said actual geographic 
position is located within said authorized geographic region 
for said file. 

7. The method of claim 6, further comprising denying 
access to said stored information if said actual geographic 
position does not match said authorized geographic region. 

8. The method of claim 6, wherein said association of the 
files with the authorized geographic regions is stored as a 
policy file together with said stored information. 

9. The method of claim 1, further comprising: 
encrypting said stored information using an encryption
key; and

providing a decryption key which permits decryption of 
said stored information if said actual geographic posi- 
tion is located within said authorized geographic 
region. 

10. The method of claim 1, wherein said stored informa- 
tion is divided into subsets of information and wherein at 
least one of the subsets has a different authorized region from
the other subsets, so that access is authorized to the subset 
whose authorized geographic region is located within the 
actual geographic position, but not to the subsets whose 
authorized geographic region is not located within the actual 
geographic position. 

11. Apparatus for controlling access to stored information 
comprising: 

a receiver supplying reliable position information for 
determining an actual geographic position where said 
stored information is located, wherein the receiver 
comprises a receiver encryption mechanism providing 
a receiver encryption key for cryptographically signing 
data comprising the actual geographic position; and 

a computer for comparing said actual geographic position 
with a geographic region within which access to said 
stored information is authorized, 

wherein said computer permits access to said stored 
information if said actual geographic position is located 
within said authorized geographic region. 

12. The apparatus of claim 11, wherein said receiver is a 
GPS receiver. 

13. The apparatus of claim 11, further comprising a reader 
for reading said stored information wherein said reader 
comprises a receiver decryption key for verifying the data
comprising said cryptographically signed actual position. 

14. The apparatus of claim 13, wherein said reader 
generates an initialization vector which is transmitted to the 
receiver and included in the signed data. 

15. The apparatus of claim 14, wherein said signed 
initialization vector is verified by the reader before said 
computer permits access to said stored information. 

16. A method for controlling access to a subset of files 
belonging to a larger set of files of stored information 
comprising: 

associating a unique file encryption key with each file
from the larger set of files and encrypting the files using
the associated encryption keys;

associating each of the files from the larger set of files
with at least one authorized geographic region within
which access to said stored information is authorized;

determining an actual geographic position where said
stored information is located based on signals received
at a receiver supplying reliable position information;

cryptographically signing at least the actual geographic
position at the receiver;

verifying the signature of the actual geographic position;

comparing said actual geographic position with said
authorized geographic region; and

providing a file decryption key which authorizes access to
and permits decryption of said files belonging to said
subset of files, provided that the actual geographic
position is located within the authorized geographic
region for the files belonging to said subset of files.

17. The method of claim 16, wherein said association of 
the files with the authorized geographic regions is stored as 
a policy comprising policy files wherein each policy file is
accessible with a user password and authorizes, if the user
password is valid, access to the files listed in said policy file, 
if the actual geographic position is located within the 
authorized geographic region associated with the files. 

18. The method of claim 17, wherein said policy is stored 
with the stored information.

19. A method for controlling access to stored information 
comprising: 

determining an actual date or time at the location of said
stored information based on signals received at a
receiver supplying reliable time information;

cryptographically signing at least the actual date or time
at the receiver;

verifying the signature of the actual date or time;

comparing said actual date or time with a predetermined
date or time interval at which access to said stored
information is authorized; and

permitting access to said stored information if said actual
date or time occurs within said authorized date or time
interval.

20. The method of claim 19, further comprising denying 
access to said stored information if said actual date or time 
does not occur within said authorized date or time interval. 

21. The method of claim 19, wherein said information 
comprises files and each of said files has an associated 
authorized date or time interval within which access is 
permitted, and further permitting access to said file if said 
actual date or time occurs within said associated authorized 
date or time interval. 

22. The method of claim 19, wherein said stored infor- 
mation is divided into subsets of information and wherein at 
least one of the subsets has a different authorized date or 
time interval from the other subsets, so that access is
authorized to the subset whose authorized date or time 
interval matches the actual date or time, but not to the 
subsets whose authorized date or time interval does not 
match the actual date or time.

23. A method for controlling access to stored information 
comprising: 

forming a policy associating said information with
authorized geographic regions and authorized time intervals;

cryptographically signing said policy and said
information;

storing said signed policy together with said signed
information;

providing a password for unlocking said policy;

determining an actual geographic position where said
stored information is located based on signals received
at a receiver supplying reliable position information;

determining an actual time;

cryptographically signing at least the actual geographic
position and the actual time at the receiver;

verifying the signature of the actual geographic position
and the actual time;

comparing said actual geographic position and said actual
time with said authorized geographic regions and
authorized time interval of said policy; and

permitting access to said stored information if said actual
geographic position and actual time falls within said
authorized geographic regions and authorized time
interval of said policy.

24. The method of claim 23, wherein position and time are 
determined through a Global Orbiting Navigational Satellite 
System. 

25. The method of claim 23, wherein position is
determined through an inertial navigation system.

26. The method of claim 23, wherein position is
determined through a satellite based location determination
system.

27. A method for controlling access to stored information, 
the method comprising: 

(a) determining a position; 

(b) cryptographically signing data comprising at least a 
representation of the position; 

(c) verifying the signature of the data comprising at least 
a representation of the position; 

(d) determining that access to the stored information is 
authorized at the position; and 

(e) permitting access to the information based at least 
upon (c) and (d). 

28. The method of claim 27, further comprising 

(f) providing the cryptographically signed data to an 
information accessing device, wherein (c) and (e) are 
performed by the information accessing device. 

29. The method of claim 28, further comprising: 

(g) identifying a token; 

(h) incorporating the token in the data that is crypto- 
graphically signed; and 

(i) verifying that the cryptographically signed data com- 
prises the token. 

30. The method of claim 29, wherein (g) and (i) are 
performed by the information accessing device. 

31. The method of claim 29, wherein (a), (b), and (h) are 
performed by a position determining device. 

32. The method of claim 29, further comprising 

(j) providing the token to the position determining device. 

* * * * * 